Microsoft Accuses Google of Misleading Security Certification

Microsoft is accusing Google of providing misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).

The roots of the accusation, laid out today in a blog post by Microsoft Corporate Vice President & Deputy General Counsel David Howard, date back to last fall, when the Department of Interior awarded Microsoft with the contract to upgrade its email system and move it to the cloud. Google filed a lawsuit requesting an injunction and claiming that the selection process was unfair.

Following the success of its Apps for Business and Apps for Education offerings, Google has tried to make in-roads into government cloud contracts as well, which do require some additional security measures. And that’s what today’s brush-up involves.

Google has claimed that its Apps for Government does met the minimum security requirements for government IT, but according to a Department of Justice brief unsealed last week, “notwithstanding Google’s representations to the public at large, its counsel, the GAO and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.”

Google says that Google Apps for Government has received this certification, and had made a point in its lawsuit that it deserved consideration for the federal contract because Microsoft’s rival offering, Business Productivity Online Suite, did not have FISMA certification.

Google does have FISMA certification for Google Apps Premiere, but not for the Apps for Government, although that claim does appear on its website.

As Howard points out, “Google can’t be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?”

Of course, Microsoft has its own motivations for painting Google’s lack of FISMA certification in this light. As Howard notes, the Department of Interior isn’t moving forward with the installation of Microsoft’s cloud offerings, and other government contracts are probably facing extra scrutiny as well.

We have reached out to Google for comment, and we’ll update this story when we hear more.